Tyklings blog Witty but descriptive text goes here

Radicale on FreeBSD

by Tykling

05. dec 2017 11:25 UTC


I've been working to replace my OwnCloud installation with something else. I use the Calendar part of OwnCloud a lot, and this post is about replacing the CalDAV bits of OwnCloud with Radicale, a Python-based CalDAV and CardDAV server.

I use nginx and supervisord so I will start out by showing the config for those before getting deeper into

Read More


Working Around Bugs

by Tykling

02. nov 2017 14:47 UTC


This is the story of a bug I found in Django's Daphne HTTP and WebSocket terminating server, where I had to work around the bug for months while waiting for the fix to make it into a release.

Daphne is part of the Channels project, which is Django's cool WebSocket thing that recently got adopted as a part of the official Django project. We've been using Channels for a while on the Schedule...

Read More


FreeBSD on the apu2c4

by Tykling

19. sep 2017 19:59 UTC


Today I had the pleasure of trying out my new apu2c4. Hit a few snags here and there so I am documenting my experiences for future reference. I have an apu3 as well, but I haven't played with it yet, so that will have to wait for another blog post.

Serial console on Qubes

My Qubes installation on my laptop is using the sys-usb vm thing so the first thing I needed to do was to assign the...

Read More


Generating TLSA Records With OpenSSL

by Tykling

07. jun 2017 05:54 UTC


I am in the process of implementing Certgrinder on all my servers, and as a part of that I am publishing TLSA records for all my services. I haven't been able to do so before, because the normal LetsEncrypt procedure means rolling cert and keys every three months. With Certgrinder I am not rolling the keys when renewing, so I can pin the public keys instead of the certificates in the TLSA records.

Most examples ...

Read More


Introducing Certgrinder, a LetsEncrypt SSH Proxy

by Tykling

30. apr 2017 12:46 UTC


Background

Like many people I've been switching to LetsEncrypt for my certificate signing needs. I recently changed a bunch of LE related things. This post documents my new method of using the LetsEncrypt certbot client from a central location, with the certificate consumers (webservers etc) getting their certificates over SSH using a standard CSR. Much like when we were using commercial CAs.

This has a couple of important advantages over my old setup:

...

Read More


Ansible and Unix File Permissions

by Tykling

19. nov 2016 13:35 UTC


Background

Earlier this week I was pretty surprised to see some weird permissions on some nginx config files on my servers. The servers are managed by Ansible so I suspected some changes I made to my Ansible roles a few days prior. I only made syntax changes so I didn't expect anything to change. But sometimes the rabbit hole goes deeper than you imagined :)

So I looked at the Ansible task that creates ...

Read More


Fun with FreeBSD Listen Queue Overflow

by Tykling

02. oct 2016 12:22 UTC


I spotted a listen queue overflow error message in /var/log/messages on one of my jailhosts today.

I have no idea what could be causing this. This jailhost is busy so it could be a lot of things. Seems to happen about every hour, perhaps some scheduled job?

Most results when you search for the error mention TCP services that can't keep up with the connection rate to the TCP port. But since I didn't know which TCP port, I had some detective work to do.

The error...

Read More


Cleaning up Django migrations

by Tykling

17. mar 2016 10:48 UTC


Background

Django's database migrations system greatly simplifies the task of keeping multiple databases in sync (the schema, not the data) as the schema evolves over time. Formerly known as South, Django's migrations system is also a good example of how Django embraces and includes 3rd party packages when it makes sense.

Over the last year I (and colleagues) have been developing a Django-based provisioning system for an ISP. The system has grown rather large with a lot o...

Read More


PostgreSQL "hot standby" - replication from FreeBSD master to Ubuntu standby

by Tykling

23. jan 2016 20:08 UTC


Background

I was asked to provide a replica of a postgresql server running on FreeBSD. The replica was for reporting purposes, so it must be possible to run read-only queries on it, and it needs to be up-to-date at all times. In postgres land this is called a Hot Standby. Almost the same as a warm standby, except that it accepts connections and read-only queries. The replication had to be done to an Ubuntu 14.04.2 LTS machine running on Amazon. Both postgres servers are version 9...

Read More


New blog software

by Tykling

27. sep 2015 10:56 UTC


This blog used to be based on Django Mezzanine which stopped working for some reason. The whole thing was stupidly complex anyway.

I've written a small Django project to run the blog in the future. The source code can be found on GitHub.


OCSP Stapling in Nginx

by Tykling

22. oct 2013 23:24 UTC


Background

This post is about getting OCSP Stapling to work in nginx. OCSP is short for Online Certificate Status Protocol and is a close-to-realtime method of checking a TLS certificate's validity.

This blogpost is based on nginx 1.4.3 (you need at least nginx 1.3.7 for OCSP stapling to work) compiled against OpenSSL 1.0.1e in a FreeBSD 9.2 jail. To compile ...

Read More


Showing 11 of 11 blogposts